/**
 * 用户管理控制器 - 处理多租户用户的创建、查询、管理等REST API接口
 *
 * 开发人员：马勇俐
 * 开发时间：2025-11-16 至 2025-11-20
 * 模块职责：提供多租户用户相关的REST API接口，支持用户创建、查询、更新、删除等完整用户管理功能
 *
 * 技术要点：
 * - RESTful API设计，遵循REST规范
 * - 多租户架构，企业级数据隔离
 * - AOP审计日志记录操作轨迹
 * - 密码加密和安全认证机制
 * - 用户权限和菜单权限集成
 *
 * 开发故事：负责用户管理控制器的开发，与用户服务层和前端用户界面深度配合，确保多租户用户的完整管理和安全性。
 */
package com.pbl.controller;

import com.pbl.aspect.AuditLog;
import com.pbl.common.model.ApiResponse;
import com.pbl.dto.UserDto;
import com.pbl.dto.UserMenuDto;
import com.pbl.entity.User;
import com.pbl.service.PermissionService;
import com.pbl.service.UserService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.bind.annotation.*;

import javax.validation.Valid;
import java.util.List;

@RestController
@RequestMapping("/enterprises/{enterpriseId}/users")
public class UserController {

    private final UserService userService;
    private final PermissionService permissionService;

    /**
     * 构造用户控制器
     * @param userService 用户服务层
     * @param permissionService 权限服务层
     */
    public UserController(UserService userService, PermissionService permissionService) {
        this.userService = userService;
        this.permissionService = permissionService;
    }

    @AuditLog(action = "user.create", resource = "user")
    @PostMapping
    public ApiResponse<User> create(@PathVariable Long enterpriseId, @Valid @RequestBody UserDto dto) {
        User u = new User();
        u.setUsername(dto.getUsername());
        u.setEmail(dto.getEmail());
        u.setPhone(dto.getPhone());
        u.setStatus(dto.getStatus());
        if (dto.getPassword() != null && !dto.getPassword().isEmpty()) {
            u.setPasswordHash(new BCryptPasswordEncoder().encode(dto.getPassword()));
        }
        return ApiResponse.success(userService.create(enterpriseId, u));
    }

    @AuditLog(action = "user.update", resource = "user")
    @PutMapping("/{id}")
    public ApiResponse<User> update(@PathVariable Long enterpriseId, @PathVariable Long id, @Valid @RequestBody UserDto dto) {
        User u = new User();
        u.setEmail(dto.getEmail());
        u.setPhone(dto.getPhone());
        u.setStatus(dto.getStatus());
        return ApiResponse.success(userService.update(id, u));
    }

    @GetMapping("/{id}")
    public ApiResponse<User> get(@PathVariable Long enterpriseId, @PathVariable Long id) {
        return ApiResponse.success(userService.get(id));
    }

    @AuditLog(action = "user.delete", resource = "user")
    @DeleteMapping("/{id}")
    public ApiResponse<Void> delete(@PathVariable Long enterpriseId, @PathVariable Long id) {
        userService.delete(id);
        return ApiResponse.success();
    }

    @GetMapping
    public ApiResponse<List<User>> list(@PathVariable Long enterpriseId) {
        return ApiResponse.success(userService.listByEnterprise(enterpriseId));
    }

    /**
     * 获取用户菜单和权限
     */
    @GetMapping("/{userId}/menus")
    public ApiResponse<UserMenuDto> getUserMenus(@PathVariable Long enterpriseId, @PathVariable Long userId) {
        return ApiResponse.success(permissionService.getUserMenuAndPermissions(userId));
    }
}
